• LWD@lemm.ee
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    12 days ago

    After reading the article and the spec, it looks like GPC is another header (like DNT) and a JavaScript variable the client would set. I don’t see why this couldn’t be used for tracking too.

    For HTTP:

    A user agent MUST generate a Sec-GPC header… if… gpcAtNavigation is true.

    For JavaScript:

    The globalPrivacyControl property is available on the navigator object

    GPC also looks like a watered down version of DNT. DNT was “do not track,” and GPC is "do not sell:

    GPC is also not intended to limit a first party’s use of personal information within the first-party context (such as a publisher targeting ads to a user on its website based on that user’s previous activity on that same site).

    Emphasis mine